Communication data allows for very precise conclusions about the private lives of individuals whose data is retained, such as their daily habits, permanent or temporary residence, daily or other movements, activities, social relationships, and groups they interact with. Specifically, this data enables the profiling of the individuals concerned, which, considering the right to privacy, is as sensitive as the content of the communication itself (C-203/15 and C-698/15: Tele2 Sverige AB, paragraph 99).

Once again, the Ministry of Justice relies on the argument that there is some ongoing ambiguity due to pending European Court of Justice cases.

The same argument was made by the ministry in 2021. Repeating this claim over the years aims to ignore the prohibition set out in the decisions of the European Court of Justice and the Supreme Court against the indiscriminate collection of communication data.

Over ten years ago, on April 8, 2014, the European Court of Justice indicated in its Digital Rights Ireland (C293/12 and C594/12) decision that the indiscriminate collection of communication data for all individuals is problematic in terms of fundamental rights protection. Only a few years later, on December 21, 2016, the European Court of Justice categorically banned the indiscriminate collection of communication data with its Tele2 decision (C203/15 and C698/15). This principle has been reiterated by the European Court of Justice in decisions C-623/17, C-511/18, C-746/18, C-793/19, and C-140/20.

The Supreme Court decided that, as of October 7, 2020, the collection of communication data is a deliberate violation, and any data obtained cannot be used as evidence in criminal proceedings.

State officials also refer to the need to ensure national security. In this regard, the European Court of Justice has explicitly prohibited the indiscriminate collection of communication data. It has been repeatedly clarified that communication data can be collected to counter a significant threat to security only if it is limited by objective and non-discriminatory criteria, according to the categories of data subjects or based on geographic criteria, and is time-limited to what is strictly necessary (e.g., C793/19 and C794/19: SpaceNet AG, paragraph 131).

The Ministry of Justice is well aware of these requirements. The need to establish criteria was already explained in the ERR article published on July 2, 2021, titled "Justiitsministeerium otsib lahendust uurimistes sideandmete kasutamiseks" ("Ministry of Justice looking for solution for use of communications data in investigations").

Despite the clarity on communication data provided by the European Court of Justice in 2014, which declared Directive 2006/24/EC retroactively invalid, Estonia is still among the countries that have not fully aligned their provisions on data retention with EU law, ten years later.

The serious violation of all our fundamental rights does not achieve the goal of crime prevention.

Specifically, communication data is not admissible as evidence in court, which may lead to unjust acquittals even in serious criminal cases. The state should find a balance between fundamental rights and security.

The Ministry of Justice should promptly draft a bill that sets objective criteria for the collection of communication data. It should establish a catalog of serious crimes for the investigation of which traffic and location data can be collected and used. Additionally, categories of data subjects whose data is retained for a certain period should be defined. One such category could include individuals convicted of or suspected of criminal offenses, as well as all communications made using anonymous prepaid cards. Thus, if someone does not agree to disclose their identity while using anonymous prepaid cards, they should be aware that the traffic and location data of their card may still be collected, provided there are relevant legislative measures in place.

Furthermore, the legislature could grant, for example, administrative courts the authority to allow the collection of data for communications occurring within certain time limits in areas with significantly high crime rates or near large public events. Naturally, a corresponding procedural order should be established for issuing such an order, and the data subject should have the opportunity to contest such a decision, even retroactively.

Such measures ensure, first, that data is not collected lightly, second, that data is collected only based on justified need, and third, that individuals retain the possibility to live their lives without their data being collected (e.g., by avoiding certain areas). A European citizen must have the opportunity to live their life in such a way that their profile data is not collected.

The Republic of Estonia risks a situation where telecommunications providers (Telia, Elisa, Tele2) might one day refuse to collect communication data, as was the case in Germany with SpaceNet and Telekom Deutschland.

Additionally, the time may not be far off when an individual realizes that a claim for damages against the state based on such a severe violation is not ruled out. Communication data is invaluable to the state, but it cannot come at the expense of citizens' fundamental rights.

--

Follow ERR News on Facebook and Twitter and never miss an update!